CIA Brief – 231111

How AI Can Improve Threat Intelligence Gathering and Usage – https://techcommunity.microsoft.com/t5/educator-developer-blog/how-ai-can-improve-threat-intelligence-gathering-and-usage/ba-p/3975449

Reflecting on 20 years of Windows Patch Tuesday – https://blogs.windows.com/windowsexperience/2023/11/09/reflecting-on-20-years-of-windows-patch-tuesday/

Must-have skills for the AI era | AI at work with Microsoft’s Jared Spataro – https://www.youtube.com/watch?v=F8nzcGC8la0

Using Microsoft Defender Threat Intelligence with the Diamond Model for Threat Intelligence – https://techcommunity.microsoft.com/t5/microsoft-defender-threat/using-microsoft-defender-threat-intelligence-with-the-diamond/ba-p/3976100

Insights from Microsoft Security Copilot early adopters – https://www.microsoft.com/en-us/security/blog/2023/11/08/insights-from-microsoft-security-copilot-early-adopters/

Microsoft shares threat intelligence at CYBERWARCON 2023 – https://www.microsoft.com/en-us/security/blog/2023/11/09/microsoft-shares-threat-intelligence-at-cyberwarcon-2023/

Copilot in Microsoft 365 Chat | Uncover Similar Themes – https://www.youtube.com/watch?v=Hj5xpC5_ZJw

Create a company-wide signature or disclaimer in Microsoft 365 – https://www.youtube.com/watch?v=r-JDQPeoLig

Microsoft 365 Chat | Generate New Ideas with Copilot – https://www.youtube.com/watch?v=tU96RtPhQ0k

Microsoft 365 Chat | Manage Your Inbox – https://www.youtube.com/watch?v=yWC2XcRvH7E

Copilot in Teams | Get meeting overviews – https://www.youtube.com/watch?v=UNQeA2uqNPA

Now is the time—manage your Mac endpoints with Microsoft Intune – https://techcommunity.microsoft.com/t5/microsoft-intune-blog/now-is-the-time-manage-your-mac-endpoints-with-microsoft-intune/ba-p/3974449

Simplified security settings management is now generally available – https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/simplified-security-settings-management-is-now-generally/ba-p/3975158

Getting started with Microsoft Lists – Edit a view of a list – https://www.youtube.com/watch?v=Xcd7IW3p8Fw

Copilot in Microsoft 365 Chat | Grow your knowledge – https://www.youtube.com/watch?v=hkS-qS0ClSs

Discover, prepare, and recap your meetings in one place with Meet in Microsoft Teams – https://www.youtube.com/watch?v=JBxI4qiBPdk

Getting started with OneDrive – Share files and folders with Microsoft 365 – https://www.youtube.com/watch?v=Rs7hqD8nzyw

Emphasizing Security by Default with Advanced Microsoft Authenticator Features. – https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/emphasizing-security-by-default-with-advanced-microsoft/ba-p/3773130

Automatic Conditional Access policies in Microsoft Entra streamline identity protection – https://www.microsoft.com/en-us/security/blog/2023/11/06/automatic-conditional-access-policies-in-microsoft-entra-streamline-identity-protection/

Enterprise IoT security with Defender for IoT now included in Microsoft 365 E5 and E5 Security plans – https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/enterprise-iot-security-with-defender-for-iot-now-included-in/ba-p/3967533

What’s new for Security: Training and Certification – https://techcommunity.microsoft.com/t5/microsoft-learn-blog/what-s-new-for-security-training-and-certification/ba-p/3644507

Complete the new 30 Days to Learn It Challenge and explore the new trainings in Security – https://techcommunity.microsoft.com/t5/security-compliance-and-identity/complete-the-new-30-days-to-learn-it-challenge-and-explore-the/ba-p/3966324

Copilot in Outlook | Manage your inbox – https://www.youtube.com/watch?v=PSTSOyBccnY

Copilot in Word | Locate key information – https://www.youtube.com/watch?v=hxc5t3AfpKo

Copilot in Word | Transform a document – https://www.youtube.com/watch?v=Tx0IbvgI4NA

Announcing Microsoft Secure Future Initiative to advance security engineering – https://www.microsoft.com/en-us/security/blog/2023/11/02/announcing-microsoft-secure-future-initiative-to-advance-security-engineering/

After hours

Candy Thieves vs Rigged Candy Bowl – https://www.youtube.com/watch?v=Zb01RStdzEs

Editorial

Next week is going to be a firehose with Microsoft Ignite taking place, so be prepared for lots of links in the CIA Brief next week.

If you found this valuable, the I’d appreciate a ‘like’. This helps me know that people enjoy what I have created. If you have any feedback or suggestions around this, I’m all ears. You can also find me via email director@ciaops.com and on X (Twitter) at https://www.twitter.com/directorcia.

Watch out for the next CIA Brief next week.

Accessing Azure Key Vault via Power Automate

In a previous article:

Adding a secret to an Azure Key Vault

I showed how a secure credential could be saved to an Azure Key Vault and then retrieved either from the browser, or PowerShell. You can however, also retrieve a secret using Power Automate.

You can see I have the same ‘super secret’ password stored in the Azure Key Vault above.

The Azure Key Vault connector in Power Automate is a premium connector which means you’ll either need an advanced Power Platform license or you’ll need to set up a

Power Platform PAYG configuration

which is probably the more cost effective approach.

You’ll firstly need to login to your Power Platform environment and select Connectors from the menu on the left as shown above. In here look for the Azure Key Vault connector. If it is not there select the +New connector from the menu at the top.

Search for key vault in the top right and then select Azure Key Vault as shown above. You will note that this connector is a Premium connector as highlighted earlier.

Enter the vault name and select Create.

You should now see the connector displayed in the list as shown above.

If you select this connector you will see additional information and the connection Status as well. Icons on the menu bar at the top that allow you to maintain this connector if needed.

Create a new flow and add a new step. Search for key vault as shown and select Get Secret as the action below as shown above.

If you pull down the Name of the secret field you should see your secret name previously created in the Azure Key Vault as shown above, which you can select.

Complete your flow. Here I’m just going to output the value of the secret (i.e. the password) to a Microsoft Team channel.

If you now run the flow you see that it succeeds.

You should also see the output of the secret (i.e. here the password) stored in the Azure Key Vault displayed as shown above.

Another advantage of using an Azure Key Vault is that you can use it a variety of tools such as PowerShell and Power Automate as I have shown here. This means that the credentials stay secure and can still be accessed via your automation process.

CIAOPS Need to Know Microsoft 365 Webinar – November

Join me for the free monthly CIAOPS Need to Know webinar. Along with all the Microsoft Cloud news we’ll be taking a look at the Microsoft 365 video service, Stream.

Shortly after registering you should receive an automated email from Microsoft Teams confirming your registration, including all the event details as well as a calendar invite.

You can register for the regular monthly webinar here:

November Webinar Registrations

(If you are having issues with the above link copy and paste – https://bit.ly/n2k2311

The details are:

CIAOPS Need to Know Webinar – November 2023
Thursday 30th of November 2023
11.00am – 12.00am Sydney Time

All sessions are recorded and posted to the CIAOPS Academy.

The CIAOPS Need to Know Webinars are free to attend but if you want to receive the recording of the session you need to sign up as a CIAOPS patron which you can do here:

http://www.ciaopspatron.com

or purchase them individually at:

http://www.ciaopsacademy.com/

Also feel free at any stage to email me directly via director@ciaops.com with your webinar topic suggestions.

I’d also appreciate you sharing information about this webinar with anyone you feel may benefit from the session and I look forward to seeing you there.

Adding a secret to an Azure Key Vault

An Azure Key Vault is a great location for storing credential securely. In a recent article I cover how to:

Create a new Azure Key Vault

next, I want to cover how you can actually put credentials in there.

Step one is to navigate the Azure Key Vault you have created, and select the Secrets option from the menu on the left as shown above. From the menu on the right select +Generate/Import as shown.

Simply complete the fields as shown and select the Create button at the bottom of the window.

You will note that your secret (say a password) has a Name and potentially an activation and expiration date if desired. You can also enable or disable if desired.

You should now see that the secret has been created as shown above. To view the details simply click on the secret.

Here you’ll now see all the details about the secret. The good thing about information about an Azure Key Vault credential is that you can easily update it if required and previous versions will be retained. You can also control access to this individual secret via the Access control (IAM) on the menu on the left hand side.

If you now select the Current version displayed in the middle of the page you will get more details like so:

Here, you can update the settings for secret as well as reveal what the secret is by selecting the Show Secret Value button as shown.

You see the super secret password shown above.

One of the main reasons reasons for using an Azure Key Vault is that we can access this information also programmatically, for example by using PowerShell.

If I connect to Azure using the Azure PowerShell module with a user that has rights to access the vault and secret, I can run a command like:

get-azkeyvaultsecret -vaultname “vaultname” -name “secretname”

and the results will be shown above. But how do I get to the actual secret?

Basically, you repeat the previous command but this time assign it to a variable and add the –asplaintext option, like shown above. The command would look like:

$pwd = get-azkeyvaultsecret -vaultname “vaultname” -name “secretname” –asplaintext

Now the secret value (say password) is in the variable $pwd for use in my code.

PowerShell is not the only method you can use to obtain what is in an Azure Key Vault. You can use something like Power Automate and Flow, which I’ll cover off in an upcoming articles. However, PowerShell allows just about any function with vaults including creating, reading, deleting, updating and so on. Thus, using an Azure Key Vault provides a secure yet flexible method of storing credentials you want to protect as well as make potentially portable (i.e. you can use them anywhere on any device that runs PowerShell and connect to the internet).

So an Azure Key Vault provides secure storage for credentials that you can easily access programmatically using something like PowerShell and Power Automate. What can now be achieved with this? Stay tuned to find out more.

Create a new Azure Key Vault [VIDEO]

As a follow on from my recent post:

Create a new Azure Key Vault

I’ve also now done a companion video at:

https://www.youtube.com/watch?v=A8dJL43zDYA

CIA Brief – 231104

Here’s all the Microsoft Cloud news I have come across this week.

Microsoft Defender Monthly news – November 2023 – https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/monthly-news-november-2023/ba-p/3970796

Microsoft Entra ID Governance licensing for business guests – https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/microsoft-entra-id-governance-licensing-for-business-guests/ba-p/3575579

Copilot in Outlook | Manage your inbox –

https://www.youtube.com/watch?v=PSTSOyBccnY

Copilot in Word | Locate key information –

https://www.youtube.com/watch?v=hxc5t3AfpKo

Copilot in Word | Transform a document –

https://www.youtube.com/watch?v=Tx0IbvgI4NA

Announcing Microsoft Secure Future Initiative to advance security engineering –

https://www.microsoft.com/en-us/security/blog/2023/11/02/announcing-microsoft-secure-future-initiative-to-advance-security-engineering/

Copilot in Excel | Be more analytical –

https://www.youtube.com/watch?v=9K5EptYm-B4

Copilot in Word | Gain focus time –

https://www.youtube.com/watch?v=KzOxnZBDbwQ

Latest updates to Microsoft 365 Migration Manager –

https://www.youtube.com/watch?v=C-MbzTrZJ0A

A new world of security: Microsoft’s Secure Future Initiative –

https://blogs.microsoft.com/on-the-issues/2023/11/02/secure-future-initiative-sfi-cybersecurity-cyberattacks/

Copilot for work –

https://www.microsoft.com/en-us/microsoft-365/copilot-for-work

HDFC Bank uses the Microsoft Power Platform to lead digital transformation –

https://www.youtube.com/watch?v=seD7BapZeMA

Copilot in Excel | Identify key insights –

https://www.youtube.com/watch?v=OmbIJv0WY0I

Copilot in Word | Get a head start –

https://www.youtube.com/watch?v=H5tDkC2dOj8

Microsoft 365 Business Premium now comes with 100 print jobs per user –

[MC682087 · Published Oct 17, 2023]: Organizations with Microsoft 365 Business Premium licenses will receive one hundred (100) print jobs per license per month starting on November 14, 2023. Today, Microsoft 365 Business Premium customers receive five (5) print jobs per license per month. These print jobs are refreshed every month and are pooled, so all licensed employees can use them. This change is similar to the April 2023 extension of print jobs per license for Microsoft 365 E3 and E5 organizations.

OneDrive Quickstart Guide –

https://adoption.microsoft.com/files/onedrive/Microsoft-OneDrive-quick-start-guide.pdf

Microsoft Security Copilot Demo: Defend at Machine Speed –

https://www.youtube.com/watch?v=psWW3g1CJvY

Latest updates to Microsoft 365 Migration Manager – https://www.youtube.com/watch?v=C-MbzTrZJ0A

Storing data for thousands of years | Microsoft Project Silica – https://www.youtube.com/watch?v=-rfEYd4NGQg

What’s new for IT pros in Windows 11, version 23H2

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-new-for-it-pros-in-windows-11-version-23h2/ba-p/3967814

The Defender’s Watch: Disrupting Attacks in Real Time – https://info.microsoft.com/ww-thankyou-the-defenders-watch-episode-4.html?LCID=EN-US

Windows passwordless experience expands – https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-passwordless-experience-expands/ba-p/3962005

What’s new in Microsoft Intune (2310) October edition – https://techcommunity.microsoft.com/t5/microsoft-intune-blog/what-s-new-in-microsoft-intune-2310-october-edition/ba-p/3964074

If you found this valuable, the I’d appreciate a ‘like’. This helps me know that people enjoy what I have created. If you have any feedback or suggestions around this, I’m all ears.

Watch out for the next CIA Brief next week.

Create a new Azure Key Vault

Given that a number of upcoming articles will discuss Azure Key Vaults, I thought a good place to start was to show you how to set one up. It is pretty easy, so let’s do it!

You’ll need a paid Azure subscription and administrator access to your Azure portal.

In the Azure portal, search for Key Vaults as shown and select Key Vaults from the results.

Then select the option to Create a new vault as shown above.

Complete the details for the vault, including:

– Azure subscription

– Resource group

– Key vault name

– Region

– Pricing tier

most of the other options can be left at their defaults. Select the Next button at the bottom of the window to continue.

In this case the default Permissions model of Azure role-based access control is desired setting.

Generally, no further changes are required. Select Next at the bottom of the windows to continue.

Typically, no changes need to be made here as we will want this new vault to be available publicly via something like PowerShell. However, you can make whatever changes you desire and select the Next button at the bottom of the screen to continue.

Add tags if you wish and then select the Next button at the bottom of the window.

Review the settings you have made and select the Create button.

You should now see the new vault being provisioned as shown above.

When the provisioning you can select the option to view the result as shown above.

You can return to your new vault at any time by navigating to Key Vaults in the Azure portal where you should see the vault just created as shown above.

I’d also suggest you check some permissions before you leave. Open the newly created vault and select Secrets from the menu on the left. If you see the banner across the top as shown above the reads This operation is not allowed by RBAC then you’ll probably need to change some permissions.

Navigate to the Access Control (IAM) option from the menu on the left as shown above. Then on the right select +Add.

From the menu that appears select the Add role assignment as shown above.

Locate and select the Key Vault Administrator job function role as shown.

Select Next at the bottom of the screen to continue.

Click the +Select members hyperlink as shown above.

From the window that appears on the right, search for the user whom you want to have rights over the vault (typically the same user that is currently logged in). Press the Select button at the bottom of the window to continue.

The selected user(s) should now appear under the Members section as shown above.

Press the Next button to continue.

Select the Review + assign button at the bottom of the screen to complete the process.

If you now return to the Secrets area that displayed the original RBAC warning, after a minute or two, you should see that message is longer displayed. The user that you just added now has administrative rights to the vault.

If you want to learn more about what Azure Key Vaults are all about take a look at:

Azure Key Vault basic concepts

however, in essence they are going to place to store stuff you want kept secure, like configurations details, including passwords and then access them programmatically.

CIA Brief is coming

messenger delivering a new annoucement to the pubblic

For a long while I used Power Automate to push out interesting stories around the Microsoft Cloud I found to Twitter (X now). Unfortunately, X changed the pricing of their API which made it prohibitively expensive to continue with this approach.

Given this, I’ve been thinking about what would be a suitable replacement. I initially considered an email list, as that is what all the cool kids do, but I also needed a process that was simple and easy for me, especially if I was going to do something weekly. The problem using a bulk email system like Mailchimp, is that I would need to format each blast using the Mailchimp website as well as send it from there. If I planned to do a weekly update of links I have found, that becomes time consuming and inconvenient, especially if I’m travelling.

Another reason I have not opted for an email list is that I am already on plenty that send updates weekly and honestly I don’t find that it is a very effective mechanism. Yes, I do read them all and yes, they provide value but I tend to put off reading them and deal with more important things in my inbox. I kind of need to be in the ‘mood’ to sit there and read through all the information and if I’m not then they tend to ‘backup’ as a to-do item.

I also considered doing a video update and posting it on YouTube as many others do. The downside to this method is it is a huge amount of work behind the scenes. My experience is also that a video of a whole bunch of screen shots or text really doesn’t appeal to people because when I tried it a while back by posting my podcasts with this content, the number of views simply didn’t reach acceptable minimums for the amount of invested effort.

Thus, I ruled out setting up an email list or using a video update as well as few other methods and instead have favoured posting the information here on my blog. The benefits of this is that it will be easy for me to quickly copy, paste and post the collection of stuff I find weekly. For those that do want emails there is the option to subscribe to my blog as email if you wish. The blog method however means you can simply read the post without having to give up your email if you choose and not have additional emails in your inbox, which is always a good thing. I also like that it will be searchable and publicly available.

I have created a tag on my blog called ‘CIA Brief’ which allows you to filter by just that tag. For example the feed will be:

https://blog.ciaops.com/tag/CIA-Brief/

that means you can simply follow the items I post with this tag the get the list of information I plan to post.

The ask I have of those that find value in the CIA Brief is to Like the post, as shown above at the bottom of each post. This way I know that the information is of value to people and provides an incentive for me to continue producing it. If you can Like each CIA Brief you see that would be very much appreciated.

Of course, I also welcome your feedback about how to make this concept even more valuable to people. I want something that is quick and easy to view on a weekly basis that will keep you up to date with the Microsoft Cloud. If you have any suggestions or feedback then I’m all ears.

That is the why and wherefores done. Stay tuned for the first CIA brief at the end of this week.